- John Ainsworth and Niels Peek
Citizen’s data, healthcare and trust
Health data has informed a central part our NHS for more than two decades, helping the informative bodies to improve services and understand health trends. This has also proved key in understanding, and attempting to mitigate, the worst impacts of COVID-19. However, when this data is shared with secondary bodies, does the public trust that this will be used in good faith?
In this blog, John Ainsworth and Niels Peek, Professors in Health Informatics, discuss how and why policymakers should strive to maintain public trust in health data.
Data in electronic health records (EHRs) must abide with the UK’s General Data Protection Regulation (GDPR).
However, previous failures of the NHS to follow this legislation regarding data sharing has rendered public health data a contentious topic.
With the NHS under increasing pressure, policymakers should strengthen transparency and communication around EHRs.
The UK’s National Health Service (NHS) has had electronic health records in GP practices for more than 20 years. These records are kept from cradle to grave and, increasingly, electronic records are also being used in hospitals, social care, dentistry, and other parts of the healthcare system.
The NHS number provides a unique identifier for each citizen which can be used to link data from different databases together, providing a rich, comprehensive source of real-world evidence.
However, its enormous potential for purposes beyond direct care was soon realised and some high-profile cases of data misuse have dented public trust. So, how can we maximise this resource for the benefit of all, and rebuild that trust?
Powerful, useful but highly sensitive
The data in electronic health records (EHRs) is powerful and extremely useful. It can help us improve healthcare services, understand diseases in populations, and assess the safety and effectiveness of treatments. But health is an intimate area of personal life and few people feel comfortable with the idea that strangers can see their health record.
All health professionals therefore have a duty of confidentiality, which means that they cannot disclose this information to others without the patient’s consent. A legal framework exists to share EHR data for purposes beyond direct care without needing consent from every citizen.
This is the Data Protection Act 2018, the UK’s implementation of the General Data Protection Regulation (GDPR). In essence, it says that all person-identifying information should be removed from personal data before such data is processed for purposes beyond the reasons for which it was originally collected – in this case, healthcare provision.
Legal cases, headlines and damage to public trust
So, problem solved? Unfortunately, not. The use of personal health data for uses other than providing care is contentious, because of the lack of public trust.
In 2018, the Information Commissioner’s Office (ICO), responsible for upholding data protection laws, ruled that the Royal Free Hospital had broken the law when it provided the personal data of 1.6 million patients to DeepMind, a subsidiary of Google. The ICO found no legal basis for the sharing of this data. Clearly, the failure of an NHS trust to follow the law on data sharing with a company that has commercial interests has damaged public trust and confidence. As has Care.data, launched in 2013 with the aim of providing a single national data repository for UK health records.
The project soon ran into trouble, with much criticism reported in the national media. A communications plan, which relied heavily on a flyer distributed to every house alongside menus for takeaways, was woefully inadequate. More than 12% of the UK population chose to opt out of the database, and this was not trivial. The programme was finally scrapped in 2016.
A matter of public trust
Why did Care.data run into trouble? Unlike the Royal Free/DeepMind case, no laws had been broken. The problem with Care.data was the lack of public trust. Three objections that cumulatively led to the breakdown of trust have been identified. Firstly, it was unclear in whose interest Care.data had been established. Secondly, it was unclear that this was established for the public good. Thirdly, Care.data lacked reciprocity; data was taken with seemingly nothing offered in return. Non-exploitation, service of the public good and reciprocity are three necessary conditions for a social licence, and hence trust, to use health data for purposes other than providing care.
A useful way to think of this is through the principle of ‘no surprises’. If you were told that an NHS trust was sharing data with a commercial company for a particular purpose would you be surprised? If yes, then something is wrong because it is outside your expectations. The keys to no surprises are transparency, communication and the social licence.
Citizens’ juries, public opinion and policy
We have undertaken a novel form of public engagement, called citizens’ juries, to try to understand what the public thinks about reusing data from NHS health records for purposes beyond direct care. Citizens’ juries are a form of deliberative democracy, based on the idea that people from a variety of backgrounds with no special knowledge or experience can come together and tackle complex public policy problems. A group of citizens, selected to be broadly representative of the general public, deliberate over a clearly framed question and they reach a decision either by consensus or voting. During the course of the deliberation (normally three to five days), the jury will have access to expert witnesses.
We have run two citizens’ juries. In the first, we asked the jurors, “To what extent should patients control access to patient records for secondary use?” We found that, when informed of both the risks and opportunities associated with data sharing, citizens believe an individual’s right to privacy should not prevent research that can benefit the general public. The juries also concluded that patients should be notified of any such scheme and have the right to opt out if they so choose. Many jurors changed their minds about this complex policy question when they became more informed. Many, but not all, jurors became less sceptical about health-data sharing, as they became better informed of its benefits and risks.
In the second citizens’ jury we asked the jurors to evaluate eight scenarios of reusing health data, from improving health service to reuse for private commercial gain. Jury members tended to be more accepting of data sharing to both private and public sectors after the jury process. Many jurors accepted commercial gain if public benefit is achieved. Some were suspicious of data sharing for efficiency gains. Juries elicited more informed and nuanced judgement from citizens than surveys.
Policy principles for the future
We recommend the following policy principles be adopted for the reuse of healthcare data:
Transparency: Publish every use of data, who data is shared with, and for what purposes. Publish the results of any research on a publicly accessible platform.
Communication: Actively engage with the citizens whose data you are reusing. Be clear on benefits and risks.
Maintain the social licence: Only reuse health record data for public benefit and in a non-exploitative manner, with clear reciprocity for the people whose data is being reused.
By following these policy recommendations, we can achieve the aim of ‘no surprises’ and so maintain public trust when health data is used for purposes beyond direct care.
With such powerful benefits to gain or lose, an ageing population and a national health service under severe pressure, we should make every effort to get this right.